author | Adriaan de Jong <dejong@fox-it.com> | 2011-06-30 14:15:40 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 11:32:40 +0200 |
commit | 75c67073ed5d35b0efcd2a99492cf34339da08fb (patch) | |
tree | deb4f2137dd918ae06a50bf1e89f94690526eb3a /ssl_verify.c | |
parent | a4c926bb5939d95d9e7c0dfd4b83e61a11f86c90 (diff) | |
Refactored tls-verify-plugin code
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
Diffstat (limited to 'ssl_verify.c')
-rw-r--r-- | ssl_verify.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/ssl_verify.c b/ssl_verify.c
index 9eda092..84b758b 100644
--- a/ssl_verify.c
+++ b/ssl_verify.c
@@ -450,6 +450,39 @@ verify_cert_set_env(struct env_set *es, x509_cert_t *peer_cert, int cert_depth,
 }
 }
+/*
+ * call --tls-verify plug-in(s)
+ */
+int
+verify_cert_call_plugin(const struct plugin_list *plugins, struct env_set *es,
+ int cert_depth, x509_cert_t *cert, char *subject)
+{
+ if (plugin_defined (plugins, OPENVPN_PLUGIN_TLS_VERIFY))
+ {
+ int ret;
+ struct argv argv = argv_new ();
+
+ argv_printf (&argv, "%d %s", cert_depth, subject);
+
+ ret = plugin_call (plugins, OPENVPN_PLUGIN_TLS_VERIFY, &argv, NULL, es, cert_depth, cert);
+
+ argv_reset (&argv);
+
+ if (ret == OPENVPN_PLUGIN_FUNC_SUCCESS)
+ {
+ msg (D_HANDSHAKE, "VERIFY PLUGIN OK: depth=%d, %s",
+ cert_depth, subject);
+ }
+ else
+ {
+ msg (D_HANDSHAKE, "VERIFY PLUGIN ERROR: depth=%d, %s",
+ cert_depth, subject);
+ return 1; /* Reject connection */
+ }
+ }
+ return 0;
+}
+
 /* ***************************************************************************
 * Functions for the management of deferred authentication when using |
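Review bot: The header comment on verify_cert_call_plugin does not state its return contract, and that contract decides whether a peer certificate is accepted: 0 means accepted (also when no TLS_VERIFY plug-in is defined) and 1 means the connection must be rejected. A caller that reads the result as a boolean "verified" flag would invert the decision. I would extend the comment with `Returns 0 if no plug-in is defined or the plug-in returned OPENVPN_PLUGIN_FUNC_SUCCESS; returns 1 (reject) for any other plug-in result`, which also records that the `else` branch is deliberately fail-closed and should stay that way. `subject` is only read in the visible code, so `const char *subject` would document that it is not modified; the callers are outside this hunk, so confirm the narrower type fits them.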